The recent $10.63 million exploit of Hyperliquid’s JELLY token is reverberating across the decentralized finance (DeFi) community, with experts warning that the incident may not be an isolated case. According to Dr. Jan Philipp Fritsche, managing director at Oak Security, the exploit highlights a deeper structural flaw within DeFi protocols—one that could threaten other platforms if left unaddressed.
Not a Bug—But a Predictable Failure
In a detailed analysis shared with crypto.news, Dr. Fritsche explained that the exploit was not caused by a coding vulnerability or software bug. Rather, it stemmed from market manipulation and flawed risk management.
“The attacker opened massive opposing positions in JELLY, knowing that one side would collapse and the other would cash out. Because payouts weren’t capped and risk wasn’t isolated, the protocol ate the loss—and the attacker walked away with millions,” said Fritsche.
The exploit involved a trader opening a $5 million short position on JELLY, then removing their margin and leaving Hyperliquid exposed. Coordinated traders then triggered a short squeeze, causing a massive loss for the protocol.
Fritsche called the incident a “textbook example of unpriced vega risk,” a concept from traditional finance relating to implied volatility exposure. He warned that many DeFi platforms overlook this key risk, making them susceptible to similar attacks.
Industry Backlash Against Hyperliquid
The incident has drawn widespread criticism. Bitget CEO Gracy Chen was among the first to react, calling Hyperliquid’s practices “immature, unethical, and unprofessional,” and warning that the situation could turn the platform into an “FTX 2.0.”
While Hyperliquid has promised to compensate affected users, the damage to its reputation may already be significant. The exploit has raised fundamental questions about how DeFi protocols manage risk in the face of increasingly sophisticated attacks.
A Warning Sign for DeFi
The Hyperliquid exploit is not an isolated case. Just days later, another DeFi protocol, SIR.trading, was drained of $355,000, wiping out its entire total value locked (TVL).
According to a report by Hacken, DeFi exploits were the leading cause of crypto-related losses in 2024, accounting for $308.7 million, compared to $192.9 million from rug pulls.
As protocols grow more complex, experts argue that traditional finance principles—like volatility pricing and risk isolation—must be incorporated to ensure the long-term viability of decentralized platforms.
The Hyperliquid JELLY exploit serves as a stark reminder that DeFi’s innovative potential must be matched by robust risk management systems. With analysts warning of wider vulnerabilities, the incident could mark a turning point for how DeFi protocols approach platform security and user protection.
